With the development of informatization, problems of malicious software such as viruses and worms are growing. Currently, more than 35,000 forms of malicious software have been found, and more than 40,000,000 computers are infected each year. To prevent these attacks, it is required not only secured transmission and inspection of data while they are being inputted, but also protection starting from the source, i.e., every endpoint connected to the network. However, conventional security protection techniques can no longer protect against the various malicious attacks.
To this end, the Trusted Computing Group (TCG) have developed a network access specification based on Trusted Computing (TC), i.e., Trusted Network Connect (TNC), hereinafter referred to as TCG-TNC, which includes an open architecture for endpoint integrity and a set of standards that ensure secure interoperability. The set of standards can protect a network as needed by the user, to a user-defined level. Basically, the TCG-TNC is to establish a connection starting from endpoint integrity. Firstly, a set of policies for the operation of the systems within a trusted network are established. Only those endpoints that comply with the network-specified policies are allowed to access the network, and those devices that do not comply with the policies will be isolated and located by the network. Due to the use of a Trusted Platform Module (TPM), attacks from rootkits can also be blocked. A rootkit is an attack script, a modified system program, or a set of attack scripts or tools, for illegally obtaining the highest privileges in a targeted system. The architecture of TCG-TNC is shown in FIG. 1.
In FIG. 1, the Vendor-Specific IMC-IMV Messages Interface (IF-M) is an interface between an Integrity Measurement Collector (IMC) and an Integrity Measurement Verifier (IMV); the TNC Client-TNC Server Interface (IF-TNCCS) is an interface between a TNC client and a TNC server; the Network Authorization Transport Protocol Interface (IF-T) is an interface between a network access requestor and a network access authorizer; the Policy Enforcement Point Interface (IF-PEP) is an interface between a policy enforcement point and a network access authorizer; the Integrity Measurement Collector Interface (IF-IMC) is an interface between an integrity measurement collector and a TNC client; and the Integrity Measurement Verifier Interface (IF-IMV) is an interface between an integrity measurement verifier and a TNC server.
In the TCG-TNC architecture shown in FIG. 1, the access requestor does not evaluate the integrity of the policy enforcement point, hence, the policy enforcement point can not be relied upon. To solve this problem, a TNC architecture based on Tri-element Peer Authentication (TePA) has been proposed. The TePA-based TNC architecture is shown in FIG. 2.
In FIG. 2, the Integrity Measurement Interface (IF-IM) is an interface between an integrity measurement collector and an integrity measurement verifier; the TNC Client-TNC Access Point Interface (IF-TNCCAP) is an interface between a TNC client and a TNC access point; the Evaluation Policy Service Interface (IF-EPS) is an interface between a TNC access point and an evaluation policy server; the Trusted Network Transport Interface (IF-TNT) is an interface between a network access requestor and a network access controller; the Authentication Policy Service Interface (IF-APS) is an interface between a network access controller and an authentication policy server; the Integrity Measurement Collector Interface (IF-IMC) is between an integrity measurement collector and a TNC client, and between an integrity measurement collector and a TNC access point; and the Integrity Measurement Verifier Interface (IF-IMV) is an interface between an integrity measurement verifier and an evaluation policy server.
The TCG-TNC architecture shown in FIG. 1 and the TePA-based TNC architecture shown in FIG. 2 both require a platform authentication protocol to realize platform authentication (including platform credential authentication and integrity check handshake). However, due to the significant differences between the TePA-based TNC architecture shown in FIG. 2 and the TCG-TNC architecture shown in FIG. 1, the platform authentication protocol for the TCG-TNC architecture is not suitable for the TePA-based TNC architecture shown in FIG. 2. Therefore, it is desired to design a platform authentication protocol suitable for the TePA-based TNC architecture shown in FIG. 2.